We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

European Privacy Regulators' Position on Privacy Shield Will Prolong Uncertainty on Transatlantic Data Flows

Hogan Lovells, authors of the first comprehensive legal analysis of the EU-U.S. Privacy Shield framework, today commented on the latest position of the Article 29 Working Party of EU privacy regulators‎.

Eduardo Ustaran, London-based partner at Hogan Lovells, said:

"This is such a sensitive issue in Europe that it's perhaps unsurprising that the EU's privacy regulators are still sitting on the fence. The Privacy Shield is crucial in bridging the gap between European and American approaches to privacy and it is therefore essential that it can be relied upon with complete certainty.

"This prolongs the current uncertainty regarding the legality of transatlantic dataflows. However, it would be inconceivable for such flows to stop and I believe that the efforts of both the European Commission and the U.S. government should be given the benefit of the doubt.

"The European Commission is likely to proceed with its decision to support the Privacy Shield despite the Working Party's position.‎ Therefore companies should bear that in mind when deciding which mechanism to deploy to ensure that their data is protected no matter where it is in the world."

Julie Brill, former commissioner for the US Federal Trade Commission who was instrumental in the privacy shield negotiations, and current partner and co-leader of the global privacy and cybersecurity practice at Hogan Lovells, believes the agreement is good enough:

"I appreciate the hard work of the WP29 on its in-depth examination of the issues surrounding Privacy Shield. We should all examine carefully the WP29 opinion and determine whether there are points that can be clarified quickly. However, I encourage all stakeholders to not let the perfect stand in the way of something very, very good”, she said. “I believe Privacy Shield should be approved quickly and we should all move forward to implementation, to ensure consumers are well protected and to provide certainty for businesses."

Background

The EU-U.S. Privacy Shield is the result of a political agreement on a new framework for transatlantic exchange of personal data for commercial purposes, which was reached by the European Commission and the U.S. Department of Commerce on 2 February 2016. It will replace the original Safe Harbor framework, whose legal basis was invalidated by the CJEU, and aims to protect the fundamental rights of Europeans once their data is transferred to the United States and to ensure legal certainty for businesses.

Hogan Lovells’ analysis of the Privacy Shield provides rigorous assessment based on European jurisprudence and an objective view on its adequacy. It considers the historical background that preceded the adoption of the Privacy Shield as well as the precise legal criteria that the CJEU would likely use in the future to determine the validity of the new framework.

It finds that the Privacy Shield Framework substantially meets the criteria for adequacy under Article 25(6) of the Data Protection Directive, as interpreted by the CJEU, and concludes that the framework provides an ‘essentially equivalent’ level of protection for personal data transferred from the EU to the US.

A full summary of and further comment on the Privacy Shield programme can be found here, on Twitter: @EUstaran, and on our blog: hldataprotection